To under sftp we first need to understand what is FTP.
What is FTP?
FTP is a short form of File Transfer Protocol. FTP is a protocol that is used to transfer data from client to remote server over internet connection.
Using FTP a client can access any information stored on server. Some servers are password protected and requires to enter username and password. FTP uses two channels for data and control and none of them are encrypted which means some one on network can easily sniff the data.
It allows to manage files from one to another system: It does not encrypt data and data is sent in a plain text format. FTP uses a client-server architecture, often secured with SSL/TLS.
Advantages of FTP
- No size limitation on single transfers
- The directory listing is uniform and machine-readable
- Transfers can be resumed and can be scheduled
- FTP allows files to take ownership and access restrictions
- FTP client allows you to transfer multiple file & directories
- It helps you to hide the information on individual computer systems
Disadvantages of FTP
- FTP is not a non-secure way to transfer data
- Compliance can be an issue when using FTP to send files
- Does not allow server-to-server copy and recursive directory removal operations
What is SFTP?
Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream.
Unlike FTP, SFTP uses a single data and control channel. Before sharing the information between two computers SFTP verifies the identity of client and once a secured connection is established it sends the encrypted information.
SFTP stands for SSH File Transfer Protocol and it supports the full security and authentication functionality of the SSH protocol, including SSH keys.
SFTP protocol is used to transfer or manage file from one to another system using secure ssh connection. SFTP is not FTP both are different protocol. SFTP requires authentication and it encrypts the data.
Advantages of SFTP
- The connection is always secured and data is encrypted
- Uninformed TCP/IP ports can be redirected through the encrypted channel in both directions
- You can install the software and used with restricted functionality even without root privileges
- The SFTP protocol runs on a secure channel, so no clear text passwords or file data are transferred.
Disadvantages of SFTP
- The communication is binary and can't be logged
- SSH keys are not easy to manage and validate
FTP Vs SFTP
Followings are the some of the important differences of FTP and SFTP.
FTP | SFTP |
---|---|
Transmission is insecure | Transmission is secure and can be compressed |
FTP is accessible anonymously, and in most cases, it is not encrypted. | SFTP encrypts the data before sends it to another host. |
Supports password auth only | Supports both password and public-key authentication |
File Transfer Protocol. | Secure FTP Protocol. |
FTP does not offer a secure channel to transfer files between hosts. | SFTP offers a secure channel for transferring the files between the host. |
It uses Client-server Architecture | Uses SSH Architecture |
It uses two channels for data and control | Uses single channel for data and control |
Direct transfer | Tunneling |
Allow inbound connection on port 21 | Allow inbound connection on port 22 |
Allows outbound connection to port 21 | Allows outbound connection to port 22 |